Claims
- 1. A method for providing security, comprising:
separating a plurality of classes into at least a first trusted class and an untrusted class; associating privilege information with the first trusted class; and controlling access to the first trusted class by the untrusted class or a second trusted class based upon the privilege information associated with the first trusted class.
- 2. The method of claim 1 further comprising:
granting the untrusted class or the second trusted class a privilege related to the first trusted class based upon a permissive attribute of the privilege information; and wherein the step of controlling access depends upon the privilege.
- 3. The method of claim 1 further comprising:
refusing to grant the untrusted class or second trusted class a privilege related to the first trusted class based upon a permissive attribute of the privilege information; and wherein controlling access depends upon the privilege.
- 4. The method of claim 2, wherein controlling access further comprises:
determining if the privilege allows the untrusted class or second trusted class to interact with the first trusted class in a predefined manner; and permitting the access to the first trusted class in the predefined manner if the privilege permits the access.
- 5. The method of claim 4 further comprising denying the access to the first trusted class in the predefined manner if the access to the first trusted class in the predefined manner is contrary to the privilege.
- 6. The method of claim 5, wherein the privilege allows at least one of the group of creating a subclass of the first trusted class, creating a new instance of the first trusted class, allowing the untrusted class or second trusted class to invoke a method of the first trusted class, and allowing the untrusted class or second trusted class access to trusted data of the first trusted class.
- 7. The method of claim 1, wherein the step of separating the classes further comprises associating a package with the first trusted class.
- 8. The method of claim 7, wherein associating the package further a comprises encapsulating the first trusted class within the package.
- 9. The method of claim 7, wherein the package further comprises:
a key; a package name incorporating the key; the privilege information; and the first trusted class.
- 10. The method of claim 1, wherein the step of separating the classes further comprises allocating a separate memory space for the first trusted class and the untrusted class.
- 11. The method of claim 1, wherein the privilege information further comprises a plurality of permissive attributes.
- 12. The method of claim 11, wherein the permissive attributes comprises at least one of the group of a subclass attribute, a new instance attribute, a method invocation attribute, and a trusted data access attribute.
- 13. A method of claim 11 further comprising setting the permissive attribute to indicate a privilege grant to the untrusted class or second trusted class.
- 14. The method of claim 11, wherein a default for the permissive attribute indicates no privilege grant to the untrusted class or second trusted class.
- 15. The method of claim 1, wherein controlling access to the first trusted class further comprises:
detecting when a request for a trusted class operation is made by the untrusted class or second trusted class; determining that the trusted class operation is authorized based on the privilege information associated with the first trusted class; and allowing access to the first trusted class according to the trusted class operation.
- 16. The method of claim 15, wherein the trusted class operation is at least one of a group of operations comprising a subclass operation, a new instance creation, a method call operation, and a trusted data access operation.
- 17. A method of claim 15, wherein the step of determining further comprises determining that the trusted class operation is authorized based on the setting for at least one permissive attribute within the privilege information.
- 18. A secure virtual machine instruction processor comprising:
a first memory space for storing an untrusted class; a second memory space for storing a first trusted class; a privilege manager for managing privilege information associated with the first trusted class; and a controller for controlling access to the first trusted class during a trusted class operation, wherein the controller is operative to receive a request for the trusted class operation from the untrusted class or a second trusted class and grant access to the first trusted class based on at least one permissive attribute within the privilege information for the first trusted class.
- 19. A processor of claim 18, wherein the request received by the controller is one of the group of a subclass attribute, a new instance attribute, a method invocation attribute, and a trusted data access attribute.
- 20. A processor of claim 18, wherein the controller is further operative to permit access to the first trusted class in a predefined manner if the privilege permits the access.
- 21. A processor of claim 18, wherein the controller is further operative to deny access to the first trusted class in a predefined manner if the privilege is contrary to the privilege.
- 22. A processor of claim 18, wherein the first trusted class of the second memory space is associated with a package.
- 23. A processor of claim 22, wherein associating the package further comprises encapsulating the first class within the package.
- 24. A processor of claim 22, wherein the package further comprises:
a key; a package name incorporating the key; the privilege information; and the first trusted class.
- 25. A computer-readable medium on which is stored instructions, which when executed perform steps in a method for providing a secure virtual machine, the steps comprising:
separating a plurality of classes into at least a first trusted class and an untrusted class; associating privilege information with the first trusted class; and controlling access to the first trusted class by the untrusted class or a second trusted class based upon the privilege information associated with the first trusted class.
- 26. The computer-readable medium of claim 25 further comprising:
refusing to grant the untrusted class or second trusted class a privilege related to the first trusted class based upon a permissive attribute of the privilege information; and wherein the step of controlling access depends upon the privilege.
- 27. The computer-readable medium of claim 25 further comprising:
granting the untrusted class or second trusted class a privilege related to the first trusted class based upon a permissive attribute of the privilege information; and wherein the step of controlling access depends upon the privilege.
- 28. The computer-readable medium of claim 25 further comprising denying the access to the first trusted class in the predefined manner if the access to the first trusted class in the predefined manner is contrary to the privilege information.
- 29. The computer-readable medium of claim 28 wherein the privilege information allows at least one of the group of creating a subclass of the first trusted class, creating a new instance of the first trusted class, allowing the untrusted class or second trusted class to invoke a method of the first trusted class, and allowing the untrusted class or second trusted class access to trusted data of the first trusted class.
Parent Case Info
[0001] Applicants claim the right to priority based on Provisional Patent Application No. 60/294,005, filed May 30, 2001.
Provisional Applications (1)
|
Number |
Date |
Country |
|
60294005 |
May 2001 |
US |